Data Artist

Slides from my Flash on the Beach session on decompiling SWFs

Here are the slides from my presentation that I gave today at Flash on the Beach. The presentation covers decompiling Flash and Flex SWFs and includes an overview of the tools available, a few examples of the kind of code you might see, and some security suggestions. I will not be posting any of the code that I showed during the session (apart from the very tiny snippets in the slides). I think it’s pretty obvious why I’m not going to post the decompiled Photoshop Express code 🙂

I don’t think there’s any formal feedback survey or anything at FOTB, so if you were at my session I’d love to hear what you thought about it. You can email me at doug@dougmccune.com or leave some comments here. Let me know what you liked and what you didn’t.

Related:

I've just posted the title and description of the session I'll be giving at Flash on the Beach, which is happening September 28-Oct 1 in Brighton, England. My session is titled: Decompiling Flex and Flash. Here's the full description (which you can also find on the FOTB site): In this…

While doing some research for my decompiling session at Flash on the Beach, I came across this gem of a post on the Adobe ActionScript 3 message board. Someone posts a block of code and asks "I’m getting 3 compiling errors when I test my flash movie: could you guys…

Update: Turns out that the code in Nemo 440 is actually just the code from the abcdump.as file in the Tamarin project. It looks like the abcdump.as file was written by Dan Schaffer from Adobe. So it turns out I could have just grabbed that file and not decompiled Nemo…

Tags: code, decompiled, beach, flash, decompiling

Standard

Post navigation

10 thoughts on “Slides from my Flash on the Beach session on decompiling SWFs”

Great slides Doug, same thing I always tell clients when they ask about swfs, security and hiding code. “It’s on the internet, people will get it, deal with it”. Unfortunately the only way to really deal with people stealing code is to sick lawyers on them. Better off to just create a kick butt app, get the jump on everyone and then keep pushing while everyone plays catch up.

I was at your session. Sadly I didn’t sit right at the very front, so didn’t get a copy of your book. So I hated your session 😉

In reality, I actually thought it was the second best presentation of the whole three days. I’m a flex developer who just doesn’t get Flash Pro and all the art-farty crap that designers come up with. So your code-only session was great. The best session was Mark Anders’ one on Flex 4 and Thermo BTW, so don’t feel bad that you weren’t best.

I’m pretty sure the session wasn’t recorded. At FOTB they only seemed to be recording the presentations on the biggest stage, and I’m not sure if those are even going to be made available or not. In my case it might be best that it wasn’t recorded, seeing as I pulled up various bits and pieces of decompiled apps and talked pretty frankly about specific applications and libraries I’ve decompiled 🙂

Maybe I’ll try to give this talk at a local user group meeting or something and post a recording of that, I’ll see if I can work something out.

Just downloaded the slides and wanted to say thanks for a great session at FOTB – it was definitely one of my favorites – I’ve taken away some knowledge I can really use and hope to learn more from. Cheers!

We all should know that no security system is perfect – everything can be broken with enough time and effort. However, as you pointed out in your presentation, one of the safest things to do is separate the protection components from the application. We have found this to be EXTREMELY beneficial in protecting not just the licensing of a solution – but also protecting the core know-how within the Application.

Thanks for picking up on that fundamental. It is amazing how many people “don’t” get that aspect of protecting software.

NOTE TO EVERYONE: There is no such thing as “ethical” hacking… If people want to know how other people do things – go to a 360|Flex conference and talk to the people that wrote them. (or buy Doug’s book) 🙂 It is amazing how open people are to helping each other in this community (a good thing).